mlops-engineer

Pass. Audited by ClawScan on May 3, 2026.

Overview

This instruction-only MLOps skill appears coherent and purpose-aligned, but users should carefully review any generated production deployment or model-promotion changes before applying them.

This skill is reasonable to install as an instruction-only MLOps helper. Before using its outputs, review generated scripts, CI/CD configs, model-registry actions, endpoints, and artifact-loading logic as you would any production infrastructure change. The provided reference file is marked truncated in the artifact data, so this review is limited to the visible content.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A copied or adapted example could change which model is considered production-ready, potentially affecting downstream serving or deployment workflows.

Why it was flagged

The reference example includes an MLflow API call that promotes a model version to Production. This is expected for an MLOps skill, but it is a high-impact operation if run against a real model registry.

Skill content
self.client.transition_model_version_stage(
    name=model_name,
    version=version,
    stage="Production"
)
Recommendation

Treat generated deployment and model-promotion code as change proposals: verify the target registry or cluster, require human approval, use staging/canary workflows, and keep rollback procedures ready.

What this means

If a user adapts the example to load untrusted artifacts, malicious serialized files could execute code in the training or evaluation environment.

Why it was flagged

The reference pipeline deserializes Joblib artifacts. This is common in ML pipelines, but Joblib/Pickle-style formats can execute code if artifacts come from an untrusted or tampered source.

Skill content
data = joblib.load(processed_data_path)
...
model = joblib.load(model_path)
Recommendation

Only deserialize trusted or signed ML artifacts, keep artifact storage access-controlled, verify hashes or provenance, and prefer safer formats for untrusted data inputs.